Hello,

I have a gateway/router with two eth interfaces and one public IP, connected to the Internet. Local machines use private IPs. One of those machines is a CD server that supports the HTTP protocol. I would like to direct some links from our site, which is on another computer on the Internet (not in the LAN), to our CD server. I used DNAT and specified protocol tcp, port 80, the IP of the server where our site is hosted and the private IP of the CD server, but I am continuously getting information that the connection is refused while connecting to the IP of my gateway, which does have a public IP. Hm, I do not know where the mistake/problem is. I contacted the ISP and they told me that they do not block port 80 for redirection.

Any advice?

Best wishes,
Vedran Vucic

On Sunday 08 January 2006 10:27, Vedran Vucic wrote:
> Any advice?

See the DNAT debugging instructions in Shorewall FAQs 1a and 1b.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key

Hi,

I want to pass the rate limit of my internet provider to play with lands-eternal. I have two possibilities to do that: use source port <1024 or use a relay server.

The first one:
I don't find doc. to make source port forwarding with shorewall, so is it possible? I want something like that:
If destination server is eternal-land forward source port (1024-65535) to (100-1000)

The second:
DNAT net net:eternal_lands_server:3000 tcp port_not_filter_on_server_relay_ip - server_relay_ip
but it doesn't work, so is it possible to make forwarding on the same interface?

Thanks all
S.

On Friday 13 January 2006 06:54, Sylvain Blanc wrote:
> Hi,
>
> I want to pass the rate limit of my internet provider to play with
> lands-eternal.
> I have two possibility to make that:
> use source port <1024 or use a relay server.
>
> The first one :
> I don't find doc. to make source port forwarding with shorewall so is it
> possible ? I want something like that :
> If destination serveur is eternal-land forward source port (1024-65535) to
> (100-1000)

Try this

/etc/shorewall/masq:

<external if>:<IP of eternal-land> 0.0.0.0/0 <protocol> 1024: \
    :100-1000

> The second :
> DNAT net net:eternal_lands_server:3000 tcp
> port_not_filter_on_server_relay_ip - server_relay_ip but it don't
> work so is it possible to make forwarding on the same interface ?

I don't understand what you are trying to do.

-Tom

>On Friday 13 January 2006 06:54, Sylvain Blanc wrote:
>> Hi,
>>
>> I want to pass the rate limit of my internet provider to play with
>> lands-eternal.
>> I have two possibility to make that:
>> use source port <1024 or use a relay server.
>>
>> The first one :
>> I don't find doc. to make source port forwarding with shorewall so is it
>> possible ? I want something like that :
>> If destination serveur is eternal-land forward source port (1024-65535)
>> to (100-1000)
>
>Try this
>/etc/shorewall/masq:
><external if>:<IP of eternal-land> 0.0.0.0/0 <protocol> 1024: :100-1000

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
eth0:62.93.225.26 0.0.0.0/0 tcp 1024: :100-1000

There is no source port forwarding (I use tcpdump to show).

>> The second :
>> DNAT net net:eternal_lands_server:3000 tcp
>> port_not_filter_on_server_relay_ip - server_relay_ip but it
>> don't work so is it possible to make forwarding on the same interface ?
>
>I don't understand what you are trying to do.

A TCP relay between a public internet server on a non-filtered port and the eternal lands server, so a port forwarding on the same interface. It is something like that:

DNAT net net:IP_ETERNAL_LANDS:3000 tcp 200 - IP_PUBLIC_OF_MY_SERVER

----- Original Message -----
From: Sylvain Blanc
To: shorewall-users@lists.sourceforge.net
Sent: Friday, January 13, 2006 3:54 PM
Subject: [Shorewall-users] DNAT

Hi,

I want to pass the rate limit of my internet provider to play with lands-eternal. I have two possibilities to do that: use source port <1024 or use a relay server.

The first one:
I don't find doc. to make source port forwarding with shorewall, so is it possible? I want something like that:
If destination server is eternal-land forward source port (1024-65535) to (100-1000)

The second:
DNAT net net:eternal_lands_server:3000 tcp port_not_filter_on_server_relay_ip - server_relay_ip
but it doesn't work, so is it possible to make forwarding on the same interface?

Thanks all
S.

On Saturday 14 January 2006 03:21, Sylvain Blanc wrote:
> >Try this
> >/etc/shorewall/masq:
> ><external if>:<IP of eternal-land> 0.0.0.0/0 <protocol> 1024: :100-1000
>
> #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
> eth0 eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> eth0:62.93.225.26 0.0.0.0/0 tcp 1024: :100-1000
>
> There is not source port forwarding (i use tcpdump to show)

Sorry -- the rule should be

eth0:62.93.225.26 0.0.0.0/0 :100-100 tcp 1024:

-Tom

eth0:62.93.225.26 0.0.0.0/0 :100-1000 tcp 1024:

no more

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Sylvain Blanc" <sb-list@8-D.org>
Cc: <shorewall-users@lists.sourceforge.net>
Sent: Saturday, January 14, 2006 5:20 PM
Subject: Re: [Shorewall-users] DNAT

On Saturday 14 January 2006 22:18, Sylvain Blanc wrote:
> eth0:62.93.225.26 0.0.0.0/0 :100-1000 tcp 1024:
>
> no more

If that means "that didn't work either" then I guess I don't understand what you are trying to do.

-Tom

On Sunday 15 January 2006 08:00, Tom Eastep wrote:
> On Saturday 14 January 2006 22:18, Sylvain Blanc wrote:
> > eth0:62.93.225.26 0.0.0.0/0 :100-1000 tcp 1024:
> >
> > no more
>
> If that means "that didn't work either" then I guess I don't understand
> what you are trying to do.

One more thing -- I assume that you inserted the above line BEFORE any other entries that could MASQUERADE/SNAT the traffic going out of eth0. If you didn't then the rule could have no possible effect.

-Tom
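
The ordering point in the last reply, as an added example that is not part of the thread and is not Shorewall's own code: a small Python check that reads a masq file with the columns quoted above and reports a specific entry that is preceded by a broader entry on the same interface. The function names and the simplified matching (an interface name in SUBNET is assumed to overlap any network) are assumptions for illustration; the two sample files are constructed from the entries posted in the thread.

```python
import ipaddress

# Constructed from the entries posted in the thread.
MASQ_AS_POSTED = """\
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
eth0:62.93.225.26 0.0.0.0/0 :100-1000 tcp 1024:
"""
MASQ_REORDERED = """\
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0:62.93.225.26 0.0.0.0/0 :100-1000 tcp 1024:
eth0 eth1
"""

def parse_masq(text):
    """Return the entries in file order, one dict per non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split() + ["-"] * 4          # pad omitted columns
        iface, _, dest = cols[0].partition(":")  # e.g. "eth0:62.93.225.26"
        entries.append({"line": lineno, "iface": iface, "dest": dest,
                        "subnet": cols[1], "address": cols[2],
                        "proto": cols[3], "ports": cols[4]})
    return entries

def may_overlap(a, b):
    """True if two SUBNET values can match the same source address."""
    try:
        return ipaddress.ip_network(a, strict=False).overlaps(
            ipaddress.ip_network(b, strict=False))
    except (ValueError, TypeError):
        return True  # assumption: an interface name may carry any network

def shadowed_entries(text):
    """Return (earlier_line, later_line) pairs where a broad entry comes first."""
    entries, hits = parse_masq(text), []
    for i, later in enumerate(entries):
        specific = bool(later["dest"]) or later["proto"] != "-"
        for earlier in entries[:i]:
            broad = not earlier["dest"] and earlier["proto"] == "-"
            if (specific and broad and earlier["iface"] == later["iface"]
                    and may_overlap(earlier["subnet"], later["subnet"])):
                hits.append((earlier["line"], later["line"]))
    return hits

if __name__ == "__main__":
    for name, text in (("as posted", MASQ_AS_POSTED), ("reordered", MASQ_REORDERED)):
        print(name, shadowed_entries(text))
```

A non-empty result means the broad entry on the earlier line would MASQUERADE/SNAT the traffic before the specific entry is reached.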